[Gllug] Are IP Aliases a security risk?

Adam Bower abower at thebowery.co.uk
Sat Jul 5 16:29:07 UTC 2003


On Sat, Jul 05, 2003 at 04:28:07PM +0100, Richard Jones wrote:
> On Sat, Jul 05, 2003 at 03:37:32PM +0100, Dylan wrote:

> > A) Does this raise any security issues which aren't present in the dual-NIC 
> > setup?
> 
> If two networks run on the same physical cabling, then someone getting
> root and running tcpdump will be able to see traffic on both of the
> networks. Similarly if you have untrusted machines on that cable

In this situation it doesn't really make a difference because if a box was
r00ted in the dual homed version then the attacker could see the internal
network anyhow. 

Personally I would avoid the first situation and also what is proposed unless
they were absolutely essential. I really don't like having machines straddling
"out there" and "in here" because it gives you many more routes for an 
attacker to get in. In the situation that is described I would go for 1 box 
which has 1 interface "out there" and 1 interface "in here" and lock that 
one machine down heavily, put an IDS on it, have outgoing firewall
rules along with incoming rules too etc. etc. You could then use port 
forwarding to provide access to services on the internal boxen. 

Well, it would be a start anyhow; the main thing I would not do is have machines
dual homed onto a trusted side and an untrusted side at the same time.

Adam
-- 
jabberid = quinophex at jabber.earth.li
AFFS || http://www.affs.org.uk/ || Not a filesystem

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
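
Added example, not part of the original post or the list archive: a shell function that emits an iptables-restore ruleset for the single two-interface gateway described in the message above, with default-deny incoming, outgoing and forwarded traffic plus DNAT port forwards to internal hosts. The interface names, addresses, and the SSH and DNS rules are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names, addresses, and the
# admin SSH (22) and DNS egress (53) rules are constructed assumptions.
EXT_IF=${EXT_IF:-eth0}    # interface "out there"
INT_IF=${INT_IF:-eth1}    # interface "in here"

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_ruleset PROTO:EXT_PORT:INT_IP:INT_PORT ...
# Prints an iptables-restore ruleset; returns 1 on a malformed forward spec.
gen_ruleset() {
    nat="" fwd=""
    for spec in "$@"; do
        IFS=: read -r proto eport ip iport <<EOF
$spec
EOF
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $spec" >&2; return 1 ;; esac
        case "$ip" in ''|*[!0-9.]*) echo "bad address: $spec" >&2; return 1 ;; esac
        valid_port "$eport" && valid_port "$iport" ||
            { echo "bad port: $spec" >&2; return 1; }
        # DNAT happens before routing, so FORWARD matches the internal ip:port.
        nat="${nat}-A PREROUTING -i $EXT_IF -p $proto --dport $eport -j DNAT --to-destination $ip:$iport
"
        fwd="${fwd}-A FORWARD -i $EXT_IF -o $INT_IF -p $proto -d $ip --dport $iport -m conntrack --ctstate NEW -j ACCEPT
"
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
${nat}COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o $EXT_IF -p udp --dport 53 -j ACCEPT
${fwd}COMMIT
EOF
}
```

The output can be checked without loading it by piping it to `iptables-restore --test`, for example `gen_ruleset tcp:443:192.168.1.10:8443 | iptables-restore --test`.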